CVE-2022-4607

CRITICAL Year: 2022
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-611
View all →

Vulnerability Description

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215.

Related Vulnerabilities

CVE-2013-4334

CRITICAL
CVSS:9.8(Critical)

opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities

CWE-6112013

CVE-2014-0030

CRITICAL
CVSS:9.8(Critical)

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

CWE-6112014

CVE-2014-125087

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference....

CWE-6112014

CVE-2014-2052

CRITICAL
CVSS:9.8(Critical)

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML Ex...

CWE-6112014

CVE-2014-3005

CRITICAL
CVSS:9.8(Critical)

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or poten...

CWE-6112014

CVE-2014-3244

CRITICAL
CVSS:9.8(Critical)

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in a...

CWE-6112014